SecuriteInfo[.]com[.]BScope[.]Trojan[.]Wacatac[.]16583[.]14849[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.BScope.Trojan.Wacatac.16583.14849.exe
Size

1.0MB
MD5

bb6f08e7e3daf1d27240ae9aa32b0fbf
SHA1

a386c6db88db7dd13c122e3fe5c27180393a0b32
SHA256

7d9671944e0f845093fc39ab4087315b396f857e3bfd3bac1bde6465c5cc1907
SHA512

8e2b7706a036b47e389841841fa20695dde800ea4de143c4c9fed0d69e1d0ce329074ddccf12fb1c7292c424cdf7c7bc302ae7c5f303def0666ce2c6ff73f151
SSDEEP

12288:/iisZ2EC95e+hiWt7ITY3nc4zF/Z5ijVR5Zrhkssgc1Ad2uN8qIRZS9VC+r8:/iHl4Zt13c4zf5iD51hklgpN8qIRYr8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.BScope.Trojan.Wacatac.16583.14849.exe

Files

SecuriteInfo.com.BScope.Trojan.Wacatac.16583.14849.exe
.exe windows x86

af2d926755c0ee1745be089ccb037a67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
DeleteUrlCacheEntry

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ImageList_Draw
InitCommonControlsEx
ImageList_LoadImageA
_TrackMouseEvent

shlwapi

StrFormatByteSizeA

urlmon

URLDownloadToFileA

kernel32

FreeLibrary
WideCharToMultiByte
CreateThread
GetTickCount
WaitForSingleObject
GetExitCodeThread
DeleteFileA
GetCurrentThreadId
lstrcatA
CreateProcessA
GetExitCodeProcess
lstrlenW
GetSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
MultiByteToWideChar
MulDiv
GetTempPathA
DuplicateHandle
GetCurrentProcess
LocalFree
FormatMessageA
GetLastError
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
FileTimeToLocalFileTime
SetLastError
GetWindowsDirectoryA
GetVolumeInformationA
CreateDirectoryA
GetTempFileNameA
GetSystemInfo
GetVersionExA
GlobalMemoryStatus
GetSystemDefaultLangID
VerLanguageNameA
GetSystemDirectoryA
CompareFileTime
WinExec
SystemTimeToFileTime
CreateMutexA
lstrcpynA
CopyFileA
OutputDebugStringA
GetThreadLocale
SetThreadLocale
GetFileTime
GetFileType
GetCurrentDirectoryA
GetProcAddress
SetFileTime
GetFileInformationByHandle
GetFileSize
FileTimeToDosDateTime
UnmapViewOfFile
GetLocalTime
LCMapStringA
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetTimeZoneInformation
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
SetStdHandle
GetFullPathNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
GetFileAttributesA
GetDateFormatA
GetTimeFormatA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
GetACP
InterlockedExchange
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
SetHandleCount
GetConsoleCP
GetConsoleMode
GetDriveTypeA
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
ReadFile
FindClose
FindNextFileA
lstrcmpiA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FindFirstFileA
CloseHandle
CreateFileA
GetEnvironmentVariableA
FileTimeToSystemTime
lstrcpyA
lstrlenA
IsValidCodePage
GetStringTypeA
LCMapStringW
GetCPInfo
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileW
CompareStringA
CompareStringW
SetEnvironmentVariableA
DosDateTimeToFileTime
TlsGetValue

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsDialogMessageA
GetSysColor
InflateRect
UnionRect
SetRectEmpty
DrawTextA
GetClassNameA
InsertMenuItemA
TrackPopupMenuEx
DeleteMenu
GetSubMenu
LoadMenuA
GetCursorPos
SystemParametersInfoA
PostQuitMessage
KillTimer
LoadImageA
CreateWindowExA
SendMessageTimeoutA
LoadAcceleratorsA
DestroyIcon
LoadStringA
RegisterWindowMessageA
GetUserObjectInformationA
GetThreadDesktop
SetTimer
GetWindow
UpdateWindow
CharUpperA
SetActiveWindow
GetSystemMetrics
SetPropA
CopyIcon
ReleaseCapture
PtInRect
ClientToScreen
SetCapture
InvalidateRect
GetCapture
DrawFocusRect
CallWindowProcA
RemovePropA
GetPropA
ScreenToClient
BringWindowToTop
OffsetRect
GetWindowRect
ReleaseDC
GetDC
RegisterClassExA
SetWindowLongA
DefWindowProcA
IsWindow
SetDlgItemTextA
GetDlgCtrlID
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
MessageBoxA
WaitForInputIdle
SetWindowPos
EnableMenuItem
GetSystemMenu
EnumChildWindows
GetFocus
SetFocus
GetWindowLongA
IsWindowEnabled
LoadCursorA
SetCursor
EnableWindow
GetParent
SetWindowTextA
CreateDialogParamA
DialogBoxParamA
EndPaint
FillRect
BeginPaint
GetClientRect
IsIconic
GetDlgItem
LoadIconA
SendMessageA
DestroyWindow
EndDialog
ShowWindow
wsprintfA
PostMessageA
IsWindowVisible
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
FindWindowA
GetWindowTextA
MoveWindow

gdi32

DeleteObject
CreateSolidBrush
SetBkColor
GetDeviceCaps
GetTextMetricsA
RoundRect
CreatePen
SelectObject
SetBkMode
ExtTextOutA
GetTextExtentPoint32A
GetObjectA
SetTextColor
CreateFontIndirectA

advapi32

RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegFlushKey
RegQueryValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyA
RegEnumKeyExA
RegEnumValueA

shell32

Shell_NotifyIconA
SHAppBarMessage
ShellExecuteA

ole32

OleCreate
CoCreateGuid
StringFromGUID2
OleSetContainedObject
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoTaskMemFree

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
VariantInit
SafeArrayUnaccessData
SysFreeString
GetErrorInfo
SysAllocString

ws2_32

shutdown
htons
inet_addr
gethostbyname
connect
socket
recv
send
closesocket

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af2d926755c0ee1745be089ccb037a67

Headers

File Characteristics

Imports

wininet

version

comctl32

shlwapi

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

Sections

.text Size: 556KB - Virtual size: 553KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 360KB - Virtual size: 357KB

.text
Size: 556KB - Virtual size: 553KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 360KB - Virtual size: 357KB